Embed to Website: Difference between revisions
m (Ollvihe moved page Website Embedding to Embed to Website without leaving a redirect) |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
QPR ProcessAnalyzer can be embedded to another website, such as Microsoft Sharepoint. The embedding is based on the ''iframe'' html element. By default, QPR ProcessAnalyzer only allowes to be embedded by a website in the same origin that is restricted by the Content-Security-Policy HTTL header. More information how to change the CSP setting in [[QPR_ProcessAnalyzer_Security_Hardening#HTTP_Response_Headers|Security Hardening]]. | QPR ProcessAnalyzer can be embedded to another website, such as Microsoft Sharepoint. The embedding is based on the ''iframe'' html element. By default, QPR ProcessAnalyzer only allowes to be embedded by a website in the same origin that is restricted by the Content-Security-Policy HTTL header. More information how to change the CSP setting in [[QPR_ProcessAnalyzer_Security_Hardening#HTTP_Response_Headers|Security Hardening]]. | ||
== Example webpage == | |||
This is a simple example page containing an iframe element that embeds QPR ProcessAnalyzer. | |||
<pre> | |||
<!DOCTYPE html> | |||
<html> | |||
<body> | |||
<iframe src="https://processanalyzer.company.com/qprpa/ui/#/dashboard?sys:dashboardIdentifier=/MyProject/MyDashboard" height="600" width="900"></iframe> | |||
</body> | |||
</html> | |||
</pre> | |||
== Change CSP frame-ancestors setting == | == Change CSP frame-ancestors setting == | ||
By default, the Content-Security-Policy HTTL header '''frame-ancestors'' directive is set to '''< | By default, the Content-Security-Policy HTTL header '''frame-ancestors'' directive is set to '''self''', allowing the parent website where QPR ProcessAnalyzer is embedded to, to be located in the same origin. If the parent website is in another origin, the CSP needs to be changed as follows (allowing to embed QPR ProcessAnalyzer in the example.com website): | ||
<pre> | |||
frame-ancestors 'self' example.com; | |||
</pre> | |||
If the CSP prevents the embedded website from showing, there will be a descriptive error message in the browser console. It contains details which CSP directive didn't allow to open the page. | |||
More information about the Content-Security-Policy HTTL header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP. | |||
Latest revision as of 22:38, 17 September 2025
QPR ProcessAnalyzer can be embedded to another website, such as Microsoft Sharepoint. The embedding is based on the iframe html element. By default, QPR ProcessAnalyzer only allowes to be embedded by a website in the same origin that is restricted by the Content-Security-Policy HTTL header. More information how to change the CSP setting in Security Hardening.
Example webpage
This is a simple example page containing an iframe element that embeds QPR ProcessAnalyzer.
<!DOCTYPE html>
<html>
<body>
<iframe src="https://processanalyzer.company.com/qprpa/ui/#/dashboard?sys:dashboardIdentifier=/MyProject/MyDashboard" height="600" width="900"></iframe>
</body>
</html>
Change CSP frame-ancestors setting
By default, the Content-Security-Policy HTTL header frame-ancestors directive is set to self', allowing the parent website where QPR ProcessAnalyzer is embedded to, to be located in the same origin. If the parent website is in another origin, the CSP needs to be changed as follows (allowing to embed QPR ProcessAnalyzer in the example.com website):
frame-ancestors 'self' example.com;
If the CSP prevents the embedded website from showing, there will be a descriptive error message in the browser console. It contains details which CSP directive didn't allow to open the page.
More information about the Content-Security-Policy HTTL header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP.